Tags: e2b-dev/firecracker

v1.15.0-dev

Started development of v1.15

v1.13.1

Fixed

* [firecracker-microvm#5418](firecracker-microvm#5418): Fixed
  typo in Swagger definition of `MmdsConfig`, where the property `imds_compat`
  was spelled as `imds_comat`. This caused auto-generated client to create bad
  requests.

v1.13.0

Added

* [firecracker-microvm#5139](firecracker-microvm#5139): Added
  support for [PVTime](https://docs.kernel.org/virt/kvm/arm/pvtime.html). This
  is used to support steal time on ARM machines.
* [firecracker-microvm#5175](firecracker-microvm#5175): Allow
  including a custom cpu template directly in the json configuration file passed
  to `--config-file` under the `cpu_config` key.
* [firecracker-microvm#5274](firecracker-microvm#5274): Allow
  taking diff snapshots even if dirty page tracking is disabled, by using
  `mincore(2)` to overapproximate the set of dirty pages. Only works if swap is
  disabled.
* [firecracker-microvm#5290](firecracker-microvm#5290):
  Extended MMDS to support the EC2 IMDS-compatible session token headers (i.e.
  "X-aws-ec2-metadata-token" and "X-aws-ec2-metadata-token-ttl-seconds")
  alongside the MMDS-specific ones.
* [firecracker-microvm#5290](firecracker-microvm#5290): Added
  `mmds.rx_invalid_token` and `mmds.rx_no_token` metrics to track the number of
  GET requests that were rejected due to token validation failures in MMDS
  version 2. These metrics also count requests that would be rejected in MMDS
  version 2 when MMDS version 1 is configured. They help users assess readiness
  for migrating to MMDS version 2.
* [firecracker-microvm#5310](firecracker-microvm#5310): Added
  an optional `imds_compat` field (defaults to false if not provided) to PUT
  requests to `/mmds/config` to force MMDS to always respond with plain text
  contents in the IMDS format regardless of the `Accept` header in requests.
  Users need to regenerate snapshots.
* [firecracker-microvm#5364](firecracker-microvm#5364): Added
  PCI support in Firecracker. PCI support is optional. Users can enable it
  passing the `--enable-pci` flag when launching the Firecracker process. When
  Firecracker process is launched with PCI support, it will create all VirtIO
  devices using a PCI VirtIO transport. If not enabled, Firecracker will use the
  MMIO transport instead.

Changed

* [firecracker-microvm#5165](firecracker-microvm#5165): Changed
  Firecracker snapshot feature from developer preview to generally available.
  Incremental snapshots remain in developer preview.
* [firecracker-microvm#5282](firecracker-microvm#5282): Updated
  jailer to no longer require the executable file name to contain `firecracker`.
* [firecracker-microvm#5290](firecracker-microvm#5290): Changed
  MMDS to validate the value of "X-metadata-token-ttl-seconds" header only if it
  is a PUT request to /latest/api/token, as in EC2 IMDS.
* [firecracker-microvm#5290](firecracker-microvm#5290): Changed
  MMDS version 1 to support the session oriented method as in version 2,
  allowing easier migration to version 2. Note that MMDS version 1 accepts a GET
  request even with no token or an invalid token so that existing workloads
  continue to work.

Deprecated

* [firecracker-microvm#5274](firecracker-microvm#5274):
  Deprecated the `enable_diff_snapshots` parameter of the `/snapshot/load` API.
  Use `track_dirty_pages` instead.

Removed

* [firecracker-microvm#5411](firecracker-microvm#5411): Removed
  official support for Intel Skylake instances. Firecracker will continue to
  work on those instances, but we will no longer perform automated testing on
  them.

Fixed

* [firecracker-microvm#5222](firecracker-microvm#5222): Fixed
  network and rng devices locking up on hosts with non 4K pages.
* [firecracker-microvm#5226](firecracker-microvm#5226): Fixed
  MMDS to set `Content-Type` header correctly (i.e. `Content-Type: text/plain`
  for IMDS-formatted or error responses and `Content-Type: application/json` for
  JSON-formatted responses).
* [firecracker-microvm#5260](firecracker-microvm#5260): Fixed a
  bug allowing the block device to starve all other devices when backed by a
  sufficiently slow drive.
* [firecracker-microvm#4207](firecracker-microvm#4207): Fixed
  GSI numbering on aarch64 to correctly allow up to 96 devices being attached
  simultaneously.
* [firecracker-microvm#5290](firecracker-microvm#5290): Fixed
  MMDS to reject PUT requests containing `X-Forwarded-For` header regardless of
  its casing (e.g. `x-forwarded-for`).
* [firecracker-microvm#5328](firecracker-microvm#5328): Fixed
  MMDS to set the token TTL header (i.e. "X-metadata-token-ttl-seconds" or
  "X-aws-ec2-metadata-token-ttl-seconds") in the response to "PUT
  /latest/api/token", as EC2 IMDS does.

v1.14.0-dev

Started development of v1.14

v1.12.1

Fixed

* [firecracker-microvm#5277](firecracker-microvm#5277): Fixed a
  bug allowing the block device to starve all other devices when backed by a
  sufficiently slow drive.

v1.12.0-nemo

Changed

* [firecracker-microvm#220](firecracker-microvm/private-firecracker-staging#220):
  Made MMDS unwrap a string of JSON and respond with a JSON object for IMDS
  security credentials paths so that clients requesting with
  `Accept: application/json` are able to parse the response.

v1.13.0-dev

Started development of v1.13

v1.12.0

Added

* [firecracker-microvm#5048](firecracker-microvm#5048): Added
  support for [PVH boot mode](docs/pvh.md). This is used when an x86 kernel
  provides the appropriate ELF Note to indicate that PVH boot mode is supported.
  Linux kernels newer than 5.0 compiled with `CONFIG_PVH=y` set this ELF Note,
  as do FreeBSD kernels.
* [firecracker-microvm#5065](firecracker-microvm#5065): Added
  support for Intel AMX (Advanced Matrix Extensions). To be able to take and
  restore a snapshot of Intel AMX state, `Xsave` is used instead of `kvm_xsave`,
  so users need to regenerate snapshots.
* [firecracker-microvm#4731](firecracker-microvm#4731): Added
  support for modifying the host TAP device name during snapshot restore.
* [firecracker-microvm#5146](firecracker-microvm#5146): Added
  Intel Sapphire Rapids as a supported and tested platform for Firecracker.
* [firecracker-microvm#5148](firecracker-microvm#5148): Added
  ARM Graviton4 as a supported and tested platform for Firecracker.

Changed

* [firecracker-microvm#5118](firecracker-microvm#5118): Cleared
  WAITPKG CPUID bit in CPUID normalization. The feature enables a guest to put a
  physical processor into an idle state, which is undesirable in a FaaS
  environment since that is what the host wants to decide.
* [firecracker-microvm#5142](firecracker-microvm#5142):
  Clarified what CPU models are supported by each existing CPU template.
  Firecracker exits with an error if a CPU template is used on an unsupported
  CPU model.

Deprecated

* [firecracker-microvm#4948](firecracker-microvm#4948):
  Deprecated the `page_size_kib` field in the
  [UFFD handshake](docs/snapshotting/handling-page-faults-on-snapshot-resume.md#registering-memory-to-be-handled-via-userfault-file-descriptors),
  and replaced it with a `page_size` field. The `page_size_kib` field is
  misnamed, as the value Firecracker sets it to is actually the page size in
  _bytes_, not KiB. It will be removed in Firecracker 2.0.

Fixed

* [firecracker-microvm#5074](firecracker-microvm#5074): Fix the
  `SendCtrlAltDel` command not working for ACPI-enabled guest kernels, by
  dropping the i8042.nopnp argument from the default kernel command line
  Firecracker constructs.
* [firecracker-microvm#5122](firecracker-microvm#5122): Keep
  the UFFD Unix domain socket open to prevent the race condition between the
  guest memory mappings message and the shutdown event that was sometimes
  causing arrival of an empty message on the UFFD handler side.
* [firecracker-microvm#5143](firecracker-microvm#5143): Fixed
  the `process_startup_time_us` and `process_startup_time_cpu_us` metrics for
  `api_server` to be reported right after the API server starts; previously they
  were reported before applying the seccomp filter and starting the API server.
  Users may observe slightly longer startup time metrics.

v1.11.0

Added

* [firecracker-microvm#4987](firecracker-microvm#4987): Reset
  physical counter register (`CNTPCT_EL0`) on VM startup. This avoids VM reading
  the host physical counter value. This is only possible on 6.4 and newer
  kernels. For older kernels physical counter will still be passed to the guest
  unmodified. See more info
  [here](https://github.com/firecracker-microvm/firecracker/blob/main/docs/prod-host-setup.md#arm-only-vm-physical-counter-behaviour)
* [firecracker-microvm#5088](firecracker-microvm#5088): Added
  AMD Genoa as a supported and tested platform for Firecracker.

Changed

* [firecracker-microvm#4913](firecracker-microvm#4913): Removed
  unnecessary fields (`max_connections` and `max_pending_resets`) from the
  snapshot format, bumping the snapshot version to 5.0.0. Users need to
  regenerate snapshots.
* [firecracker-microvm#4926](firecracker-microvm#4926): Replace
  the underlying in-house implementation of seccompiler with `libseccomp`,
  which produces smaller and more optimized BPF code.

Deprecated

Removed

Fixed

* [firecracker-microvm#4921](firecracker-microvm#4921): Fixed
  swagger `CpuConfig` definition to include missing aarch64-specific fields.
* [firecracker-microvm#4916](firecracker-microvm#4916): Fixed
  `IovDeque` implementation to work with any host page size. This fixes
  virtio-net device on non 4K host kernels.
* [firecracker-microvm#4991](firecracker-microvm#4991): Fixed
  `mem_size_mib` and `track_dirty_pages` being mandatory for all
  `PATCH /machine-config` requests. Now, they can be omitted which leaves these
  parts of the machine configuration unchanged.
* [firecracker-microvm#5007](firecracker-microvm#5007): Fixed
  watchdog softlockup warning on x86_64 guests when a vCPU is paused during GDB
  debugging.
* [firecracker-microvm#5021](firecracker-microvm#5021): If a
  balloon device is inflated post UFFD-backed snapshot restore, Firecracker now
  causes `remove` UFFD messages to be sent to the UFFD handler. Previously, no
  such message would be sent.
* [firecracker-microvm#5034](firecracker-microvm#5034): Fix an
  integer underflow in the jailer when computing the value it passes to
  Firecracker's `--parent-cpu-time-us` values, which caused development builds
  of Firecracker to crash (but production builds were unaffected as underflows
  do not panic in release mode).
* [firecracker-microvm#5045](firecracker-microvm#5045): Fixed
  an issue where firecracker intermittently receives SIGHUP when using jailer
  with `--new-pid-ns` but without `--daemonize`.
* [firecracker-microvm#4995](firecracker-microvm#4995):
  Firecracker no longer overwrites CPUID leaf 0x80000000 when running AMD
  hardware, meaning the guest can now discover a greater range of CPUID leaves
  in the extended function range (this range is host kernel dependent).
* [firecracker-microvm#5046](firecracker-microvm#5046): Retry
  KVM_CREATE_VM on EINTR, which occasionally happens on heavily loaded hosts, to
  improve reliability of microVM creation.
* [firecracker-microvm#5052](firecracker-microvm#5052): Build
  the empty seccomp policy as default for debug builds to avoid crashes on
  syscalls introduced by debug assertions from Rust 1.80.0.

v1.12.0-dev

Started development of v1.12